Skip to main content

What is ISO 22301?

THE ISO 22301 It specifies the requirements for a management system to not only protect your business from unexpected incidents, reduce the likelihood of them occurring, and ensure that your business recovers if they materialize.

The first step towards the correct implementation of the Business Continuity Management (GCN) is to understand the organization by conducting a physical risk assessment and then a business impact analysis. Business impact analysis will assist in identifying critical activities, interdependencies, and support resources for critical products and services, as well as the impact on the organization if partial and / or total infrastructure downtime occurs.

After understanding the organization, that is, conducting risk assessment and business impact analysis will define the strategies for the recovery of critical resources.

Then a governance model will be structured, where the continuity policy and management model of the BCM program will be elaborated. At this stage, the scheduling flows will be defined and the planning plans will be prepared. Crisis Management, Disaster Recovery Plan and Business Continuity processes.

The final step is to exercise, review, and maintain the plan through management activities performed at regular time periods, such as training, exercises, and reviews.


The implementation of a GCN system, based on ISO 22301 certification, helps the organization to show through contingency plans and procedures that are able to face crisis situations. This enables you to be resilient and trust your customers, insurers and stakeholders.

The benefits of adopting a continuity management model are:

  • Identify and manage current and future business threats;
  • Take a proactive attitude to minimize the impact of incidents;
  • Keep critical functions running during times of crisis;
  • Minimize downtime during incidents and improve recovery time
  • Demonstrate resilience to customers and suppliers.

Why certify an ISO 22301-based GCN system?

Many companies implement business continuity controls, but do not have sufficient motivators to seek certification of their business continuity system. GCN.

What aspects could be used as motivators?

1) Marketing: Having a higher level of competitiveness when evaluated for resilience power and can become a competitive differential in the participation of bids and RFPs;

2) Compliance: Some regulations, governments, or customers may require contracting a service to ensure that an organization's GCN system is ISO 22301.

The organization may use certification to prove compliance with ISO 22301, thus undergoing annual audits by an authorized body, but avoiding periodic audits of all clients.


THE ISO 22301 It is a support standard for implementing a management system for an organization, regardless of its size or line of business. Certified organizations will be able to demonstrate to regulatory bodies, customers, potential customers and stakeholders that they are in compliance with ISO requirements and best practices regarding business continuity.

The business continuity management process helps to create a clear understanding of the organization's key operations as well as identify potential failures and provide information for continuous improvement of its business processes. In addition, applying business continuity management across your organization can help you in:

  • Demonstrate that your business is able to respond efficiently and effectively to incidents;
  • Minimize losses and financial, operational and imaging impacts related to a disaster event;
  • Reduce insurance costs by demonstrating that risks are managed effectively.
* Kelli Ribeiro, Information Security Consultant at [SAFEWAY]


SAFEWAY is an Information Security consulting company, recognized by its clients for offering high value added solutions through projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.

Leave a Reply